A database comprises a self-describing integrated collection of data. In addition to a user's source data, the database includes a description of its own structure referred to as a data dictionary or metadata. In essence, a database serves as a model of a user's model. For example, a database may model the way in which a user views her business. In a hierarchical database, data is organized into a tree-like structure, often in tables. The structure allows repeating information using parent/child relationships. Each parent can have many children but each child only has one parent. In a relational database, data are stored in relations, which are perceived by users as tables. According to the relational model, each relation comprises tuples (records) and attributes (fields). A relational database comprises a set of relations. A database also includes indexes that are used to represent relationships among the data and to improve the performance of database applications. There exists a well-defined set of operations on relations that allow them to be combined and manipulated in various ways. The details of these operations are unimportant to the subject matter of this application, and will not be discussed herein. Additional details of database design methodologies are provided in An Introduction to Database Systems, by C. J. Date, Addison Wesley, 2003.
Tables often are the primary structures in a database, especially in a relational database. In a relational database, each table typically describes a collection of similar objects that correspond to a single specific subject. When the subject is an object, the table represents something tangible, such as a person, place or thing. When the subject is an event, the table represents something that occurs at a given point in time and has characteristics to be recorded. In a relational database, the logical order of records and attributes within a table is of no significance. Every table in a relational database contains at least one field known as its primary key that uniquely identifies each of its records. The field is the smallest structure in a relational database, and it presents a characteristic of the subject of the table to which it belongs. Every field in a well-designed relational database contains one and only one value. A record represents a unique instance of the subject of a table. A record is composed of the entire set of fields of the table. In accordance with the structure of a relational database, each record is identified throughout the database by a unique value of the primary key field of that record.
An application system as referred to herein typically includes a database, a database management system (DBMS) and application programs that utilize the DBMS to access the database. An application may include menus, forms, reports and programs used to configure a computer system to process a portion of a database to meet a user's information needs. A DBMS comprises a set of programs to configure a computer system to define, administer and process a database and its applications. Large application systems often host thousands of individual users and dynamically map user sessions to database sessions with the consequence that the database sessions run in a special, different user context.
Typically, a user requests data from a relational database through a user interface to an application that sends a query that is written in a special language, usually some variation of the relational database syntax known as Structured Query Language (SQL). Note that SQL uses the term table to refer to the relational model's relation, uses the term row to refer to the relational model's tuple or record and uses the term column to refer to the relational model's attribute or field. These terms are used interchangeably in this specification. In response to a query, the relational database returns a result set, which comprises a list of rows containing answers. In practice, relational database management systems often rewrite (“optimize”) queries to perform more efficiently, using a variety of techniques.
Security is imposed upon database access to maintain confidentiality and integrity of data, for example. Often, a database contains certain data that is to be accessed only by designated users or applications. Similarly, a database frequently contains certain data that is to be modified only by certain users or applications. In a relational database, data pertaining to different subjects ordinarily are contained in different tables. Accordingly, security authorization typically is required as a prerequisite to the access and/or modification of certain tables by certain users or certain applications. As such, a table comprises a semantically complete unit with respect to the granularity of the authorization rules.
Within the application context as described above, a database generally does not distinguish individual application users. Thus, in general an application that accesses a relational database may be called upon to impose security by checking whether users of the application have access rights to the data they seek to access and/or modify. That is, although data is stored in a database, security to protect the database from unauthorized user access or modification occurs at the level of an application used to access the database. Accordingly, an application that accesses the database often is called upon to perform security checks upon user access to the database.
A query typically is employed by a user or an application to gain access to the data within a relational database. Thus, an application that accesses a database may be called upon to determine whether execution of a database query within the database would result in unauthorized access to or modification of a table within the database. Queries can be complex, however, and it can be difficult to determine whether a given query would result in unauthorized access to or unauthorized modification of a table. For example, parsing a query statement can be challenging since it requires detailed knowledge of the query language used and may be error-prone due to incomplete specifications.
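The difficulty described above can be seen in a small added illustration, which is not part of the original specification and uses SQLite from Python as a stand-in engine: a text-based guess at the tables a query touches is compared with the tables the engine itself reports while compiling the statement. The schema, the view and all function names are assumptions made for the example.

```python
import re
import sqlite3

# Constructed schema: staff_view hides a join onto the restricted salaries table.
SCHEMA = """
CREATE TABLE employees(id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE salaries(emp_id INTEGER, amount INTEGER);
CREATE VIEW staff_view AS
  SELECT e.name, s.amount FROM employees e JOIN salaries s ON s.emp_id = e.id;
"""
WRITE_ACTIONS = {sqlite3.SQLITE_INSERT, sqlite3.SQLITE_UPDATE, sqlite3.SQLITE_DELETE}

def make_db():
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.executescript(SCHEMA)
    return conn

def naive_tables(sql):
    """Application-side guess: identifiers that follow FROM or JOIN in the text."""
    return {t.lower() for t in re.findall(r"\b(?:FROM|JOIN)\s+(\w+)", sql, re.I)}

def engine_access(conn, sql):
    """Compile sql under EXPLAIN (no rows touched); return (reads, writes)."""
    reads, writes = set(), set()

    def record(action, arg1, arg2, dbname, source):
        if action == sqlite3.SQLITE_READ:
            reads.add(arg1)          # arg1 is the table (or view) being read
        elif action in WRITE_ACTIONS:
            writes.add(arg1)         # arg1 is the table being modified
        return sqlite3.SQLITE_OK     # observe only; the policy is applied below

    conn.set_authorizer(record)
    try:
        conn.execute("EXPLAIN " + sql).fetchall()
    finally:
        conn.set_authorizer(lambda *args: sqlite3.SQLITE_OK)
    return reads, writes

def violations(conn, sql, may_read, may_write):
    """Tables the statement would touch outside the caller's rights."""
    reads, writes = engine_access(conn, sql)
    return sorted((reads - may_read) | (writes - may_write))

if __name__ == "__main__":
    db = make_db()
    q = "SELECT name FROM staff_view"
    print("text-based guess:", naive_tables(q))
    print("outside rights:", violations(db, q, {"employees", "staff_view"}, set()))
```

The query text names only the view, so the text-based guess never sees the salaries table, while the engine reports it because the view is expanded during compilation.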